On Tuesday 18 November 2008 07:00:56 Michael Wiegand wrote:
> * Tim Brown [17. Nov 2008]:
> > Cheers Michael and Thomas, but actually that's not the problem :(.
> >
> > Obviously your check is an improvement on that ;). I may have the chance
> > to run my scripts on a real world box this week, so I'll see if I can
> > nail down where my problem lies.
>> That would have probably been too easy. :) Do you have any other hints
> as to what the problem might be? What goes wrong? I have access to a
> Solaris Box as well, so if there is anything you want me to test, just
> let me know.
Okay, I got the chance to do a bit of debugging this evening. At the start of
my copy of gather-package-list.nasl:
uname = ssh_cmd(socket:sock, cmd:"uname -a");
is called. This successfully results in uname being set to "SunOS obfuscated
5.o Generic_oooooo-oo sun4u sparc SUNW,UltraSPARC-IIi-cEngine". Then at the
end of the script, if uname is detected as starting with "SunOS ", then some
more commands are run:
security_note(port:port, data:uname);
osversion = ssh_cmd(socket:sock, cmd:"uname -r");
security_note(port:port, data:osversion);
set_kb_item(name: "ssh/login/solosversion", value:osversion);
hardwaretype = ssh_cmd(socket:sock, cmd:"uname -p");
security_note(port:port, data:hardwaretype);
set_kb_item(name: "ssh/login/solhardwaretype", value:hardwaretype);
buf = ssh_cmd(socket:sock, cmd:"pkginfo");
security_note(port:port, data:buf);
set_kb_item(name: "ssh/login/solpackages", value:buf);
buf = ssh_cmd(socket:sock, cmd:"showrev -p");
security_note(port:port, data:buf);
set_kb_item(name: "ssh/login/solpatches", value:buf);
However, it appears that osversion etc never get populated. Each debug
security_note results in a hole being noted which contains the following
data:
"This script will, if given a userid/password or
key to the remote system, login to that system,
determine the OS it is running, and for supported
systems, extract the list of installed packages/rpms."
This is the default value (description) which is used when (I believe)
security_note is passed a null data parameter. If I reorder the script so
that the Solaris checks are carried out directly after the initial uname then
it works.
In essence, the later ssh_cmd do not appear to run correctly. I did try your
patch to libopenvas MIchael, but that didn't seem to resolve it.
Cheers,
Tim
--
Tim Brown
<mailto:timb at nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>